I am writing from Texas, a state hard hit by COVID-19. We get daily reminders here to do everything we can to protect our families, our colleagues and our customers. But another pandemic-related threat has emerged that has reminded us of an old threat that every business should  be protecting against.

Bad actors on the Internet are attacking some of the same businesses searching for vaccines and cures for COVID-19. Winners in the race to defeat COVID-19 could earn huge profits, so it should come as no surprise that evil-doers want to steal their ideas. But it’s even worse than that. The disruptions and distractions caused by the pandemic have put all kinds of businesses at risk. Bill Conner, president of the cyber-security firm SonicWall, calls the pandemic “a boon to cyber criminals.” (See the SonicWall 2020 Cyber Threat Report.)

So now’s a good time for a refresher on some common-sense safety rules.

  • Train yourself and employees to ALWAYS BE SCEPTICAL of requests or offers from people, companies or organizations you don’t personally know. Cyber villains use a technique called “social engineering­” to trick victims into giving up information. Digital snake-oil salesmen can be very convincing.
  • Update all your software, including applications, firmware, operating systems and third-party stuff like Adobe and Java. Update your firewall, too.
  • Implement layered protection. Cloud services like Microsoft Advanced Threat Protection use artificial intelligence to detect threats in email and OneDrive files. Gateway protection scans files at your firewall and End Point protection works on computers and phones. Choose the best for your business. (It’s unwise to run multiple anti-virus measures on one computer. It just slows down the machine.)
  • Uninstall programs and services you do not use. This reduces the target the bad guys can hit.
  • Back up your important data. Keep one copy onsite for quick recovery. Keep other copies off-site and off your network to protect against ransom attacks. Keep copies for days, weeks or longer to ensure you have a copy that was not encrypted by the bad guys.

 High-value targets like the electrical grid, the military, financial institutions, healthcare organizations and large corporations use sophisticated, expensive systems to prevent and detect intrusions. But in the end, successful attacks result from the actions of people—the bad acts of digital villains, of course, but also the unintentional actions of people who weren’t paying attention. In our experience, for small and mid-size businesses, most cyber damage is the result of an accidental lapse. That’s why regular, ongoing training and awareness are critically important.